[Git][security-tracker-team/security-tracker][master] 5 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 26 21:32:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
911a75ea by Salvatore Bonaccorso at 2023-10-26T22:28:24+02:00
Process some NFUs
- - - - -
62003263 by Salvatore Bonaccorso at 2023-10-26T22:28:44+02:00
Add three CVEs for ilias
- - - - -
7cc9a739 by Salvatore Bonaccorso at 2023-10-26T22:29:25+02:00
Add CVE-2023-46137/twisted
- - - - -
130a2af0 by Salvatore Bonaccorso at 2023-10-26T22:29:48+02:00
Add CVE-2023-46118/rabbitmq-server
- - - - -
0db10d3a by Salvatore Bonaccorso at 2023-10-26T22:31:53+02:00
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,31 +45,31 @@ CVE-2023-5623 (NNM failed to properly set ACLs on its installation directory, wh
CVE-2023-5622 (Under certain conditions, Nessus Network Monitor could allow a low pri ...)
NOT-FOR-US: Nessus Network Monitor
CVE-2023-46748 (An authenticated SQL injection vulnerability exists in the BIG-IP Conf ...)
- NOT-FOR-US: F5
+ NOT-FOR-US: F5 BIG-IP
CVE-2023-46747 (Undisclosed requests may bypass configuration utility authentication, ...)
- NOT-FOR-US: F5
+ NOT-FOR-US: F5 BIG-IP
CVE-2023-46666 (An issue was discovered when using Document Level Security and the SPO ...)
NOT-FOR-US: Elastic Sharepoint Online Python Connector
CVE-2023-46664 (Sielco PolyEco1000 is vulnerable to an improper access control vulnera ...)
- NOT-FOR-US: Sielco
+ NOT-FOR-US: Sielco PolyEco1000
CVE-2023-46663 (Sielco PolyEco1000 is vulnerable to an attacker bypassing authorizatio ...)
- NOT-FOR-US: Sielco
+ NOT-FOR-US: Sielco PolyEco1000
CVE-2023-46662 (Sielco PolyEco1000 is vulnerable to an information disclosure vulnerab ...)
- NOT-FOR-US: Sielco
+ NOT-FOR-US: Sielco PolyEco1000
CVE-2023-46661 (Sielco PolyEco1000 is vulnerable to an attacker escalating their privi ...)
- NOT-FOR-US: Sielco
+ NOT-FOR-US: Sielco PolyEco1000
CVE-2023-46450 (Sourcecodester Free and Open Source inventory management system 1.0 is ...)
- NOT-FOR-US: SourceCodester
+ NOT-FOR-US: Sourcecodester Free and Open Source inventory management system
CVE-2023-46449 (Sourcecodester Free and Open Source inventory management system v1.0 i ...)
- NOT-FOR-US: SourceCodester
+ NOT-FOR-US: Sourcecodester Free and Open Source inventory management system
CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vulnerable ...)
- NOT-FOR-US: SourceCodester
+ NOT-FOR-US: Sourcecodester Packers and Movers Management System
CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...)
NOT-FOR-US: ZITADEL
CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's ...)
TODO: check
CVE-2023-46094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversi ...)
- NOT-FOR-US: WooCommerce plugin
+ NOT-FOR-US: WordPress plugin
CVE-2023-46090 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-46088 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
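Review bot: the NOT-FOR-US notes in this hunk are tightened from vendor to product (F5 to F5 BIG-IP, Sielco to Sielco PolyEco1000, SourceCodester to the named application), which matches how the neighbouring entries such as "NOT-FOR-US: Nessus Network Monitor" and "NOT-FOR-US: Elastic Sharepoint Online Python Connector" are written; the one entry that goes the other way, CVE-2023-46094 moving from "WooCommerce plugin" to "WordPress plugin", is consistent with the adjacent CVE-2023-46090 and CVE-2023-46072 lines, so no objection there. What is left unchanged in the context is CVE-2023-46234 (browserify-sign) still marked "TODO: check": unlike the vendor products around it this is a library, so please confirm whether it corresponds to a packaged node-browserify-sign source before this TODO is left behind by the NFU sweep.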
@@ -87,11 +87,11 @@ CVE-2023-46074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bo
CVE-2023-46072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45869 (ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbit ...)
- NOT-FOR-US: ILIAS
+ - ilias <itp> (bug #195688)
CVE-2023-45868 (The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attac ...)
- NOT-FOR-US: ILIAS
+ - ilias <itp> (bug #195688)
CVE-2023-45867 (ILIAS (2013-09-12 release) contains a medium-criticality Directory Tra ...)
- NOT-FOR-US: ILIAS
+ - ilias <itp> (bug #195688)
CVE-2023-45317 (The application interface allows users to perform certain actions via ...)
NOT-FOR-US: Sielco
CVE-2023-45228 (The application suffers from improper access control when editing user ...)
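Review bot: CVE-2023-45317 keeps the generic "NOT-FOR-US: Sielco" while the four Sielco entries in the previous hunk were narrowed to "Sielco PolyEco1000"; the truncated description here ("The application interface allows users to perform certain actions via ...") does not name the product, so either confirm it is PolyEco1000 and align the note, or leave it generic on purpose. For the three ILIAS entries moved to "- ilias <itp> (bug #195688)", the ITP reference is consistent across all three lines; note that the upstream description for CVE-2023-45867 reads "2013-09-12 release" where its siblings say 2023-09-12, which is CVE text rather than a tracker edit and needs no change here.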
@@ -148,7 +148,8 @@ CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to
CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...)
TODO: check
CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...)
- TODO: check
+ - twisted <unfixed>
+ NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...)
TODO: check
CVE-2023-46133 (CryptoES is a cryptography algorithms library compatible with ES6 and ...)
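Review bot: the new twisted entry records only "<unfixed>" plus the advisory NOTE; no Debian bug reference is attached, so a follow-up adding "(bug #N)" once the bug against src:twisted is filed would make the state trackable, and the fixed upstream version should be recorded in a NOTE when known. The surrounding "TODO: check" entries for CVE-2023-46232 (era-compiler-vyper) and CVE-2023-46134 (D-Tale) are untouched by this push, which is fine as long as they remain in the queue.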
@@ -499,7 +500,8 @@ CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based appli
CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...)
- TODO: check
+ - rabbitmq-server <unfixed>
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
NOT-FOR-US: zzzCMS
CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
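Review bot: same shape as the twisted entry, "- rabbitmq-server <unfixed>" with an advisory NOTE but no bug reference; the visible description only says "HTTP API ..." before truncation, so the affected component cannot be confirmed from this hunk alone, and the severity or a scoping NOTE should wait until that is checked against what the Debian package actually ships. The hunk header offsets (-499,7 +500,8) are consistent with the one-line growth introduced by the previous hunk.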
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fa94ed07814c05b0a39858e3d804dac07e40c3a0...0db10d3adc833b2d122943a513bf9ff0029102a5